[shib_auth] HTTPS vs HTTP Help ASAP.
Luke Cameron
LCameron at cityplym.ac.uk
Wed Jun 29 09:30:18 CEST 2011
Hi Kristof,
That makes sense, I will put that forward to them. I told them similar but they said I was wrong. Thanks for clearing it up I will give it ago.
Luke
>>> Kristof Bajnok <bajnokk at niif.hu> 29/06/2011 06:14 >>>
On 2011. June 28. 20:39:43 Luke Cameron wrote:
> have setup the SP like normal with HTTPS enabled, but the web developer
> wants them to login to Shib over HTTPS then redirect them back to HTTP but
> when I try this in a test environment it wont work it shows them logged
> out again.
This is most probably because your Shibboleth SP does not protect the
unencrypted HTTP requests. Look for 'handlerSSL' parameter in shibboleth.xml.
According to
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions , this
setting defaults to true, so you have to disable it.
> Can some confirm this is correct or a way of doing what the web
> developer wants to do.
More information about the shib_auth
mailing list